From whatever I have read so far North Korea government is pretty much a criminal organization like the Mafia . They forge money, sell drugs, abduct people, sell weapons. Pretty much anything is fair game as long as it makes money without any regard for health or life of their own people or foreigners . In addition they have a propensity for killing each other. I think it would make a great mob movie.
Russia is terrible, but No. Korea is worse for it's size. That's because Russia has large legitimate sources of income, like fossil fuels, agriculture, and manufacturing. No. Korea has much less that other countries want to buy, so it makes most of its currency from criminal activity of one type or another.
How are they training the hackers? Are they being educated abroad, or are they hiring foreign hackers? For a country living in the dark ages, how are they managing to pull this off?
The regime has at least six thousand full-time hackers. Some of those they send overseas to operate. The average North Korean doesn't get exposed to that much tech, but it's another story for specialists, and most of the things they need to learn can be found online. Of course learning materials will be curated and filtered by the most politically trustworthy who themselves will be under constant and multidimensional surveillance.
Agree with this in order of magnitude at least. Even if it's 10 and not 1 or 2, the costs are relatively low. They have drug and other money. Hire for aptitude, train the trainer. Everyone else is shackled by plausible deniability. DPRK gives zero f*cks. Best candidates, best training, whatever equipment, training, and info you want, and go...no bars held.
There are more than a few efnet characters on the run with the right skillset ,I'd be really surprised if a few of them didn't get picked up by NK or similar states.
I can think of at least a couple of people that "retired" with far too little stolen money in exactly the kind of places where you'd get recruited from by NK & Co.
Nobody ever discusses this publicly, but I feel like everyone that's been around for a bit knows. Many of those names you find in old phrack zines. Frankly, every day I'm surprised none of those old names come up in new indictments.
Who's getting pardoned if Beto manages to get elected? lol.
Have a small team of highly paid well off young people with little incentive to take a "moral" stance.
Profit.
Also consider that perhaps they aren't living in the "dark ages" while right on the doorstep of one of the most technologically advanced nations on Earth? These events are happening 200km away from Seoul.
Considering the lack of blow back this has generated it seems to be a successful operation on NK's part. Who knows, maybe there will be some future consequences, but everyone globally is so focused on their nukes this seems to get lost on the side. Plus the intel agencies care more about offensive operations and hiding their capabilities, so they don't seem to be making much noise about all this to the public either (not that law enforcement is their job).
If I could prevent NK from getting Nukes, or I could prevent NK from stealing billions from banks... seems pretty reasonable that nukes are still the focus
But aren’t the billions a prerequisite for nukes? At the end of the day they’re still going to need money to make things happen with regards to the nukes. Unless they’re able to go from raw material to facilities and missiles purely from slave labor?
North Korea has substantial hydroelectric power, which could support a highly profitable crypto mining operation. I wonder how much hydropower they need before the opportunity cost of hacking exceeds that of mining crypto. I don’t think anybody wants them to spend money on weapons, but in the eventuality that they never go to war, it would probably be desirable to prevent theft.
Crypto mining would provide a more stable cashflow and has a more limited downside versus theft. I see your point, given how successful the thieves have been. But I just wonder about the value of hydro power.
Hydro power is nice and all, but monetizing that requires strictly different resources than monetizing hackers. Perhaps hydro power can be valuable, but that will not make hacking any less valuable.
> North Korea has generated an estimated $2 billion for its weapons of mass destruction programs using “widespread and increasingly sophisticated” cyberattacks to steal from banks and cryptocurrency exchanges
I'm more interested in how this proves cryptocurrency markets are liquid enough. Enterprises of all sizes can get in and out of a portfolio of the largest cryptocurrencies.
Even if you keep the circle small you have a bunch of people who will have access to the report. Include some people who can gain access if they want to, e.g. IT staff.
It takes one of them who strongly believes that this information should be public knowledge.
Often, our intel has hacked their intel and watched them do it.
For example: the US is certain that North Korea was behind the Sony hack because South Korean intelligence hacked North Korean intelligence, and the NSA hacked South Korean intelligence. So the NSA found that it could access Sony servers by going through SK intel to NK intel to Sony.
Another example: one of Cozy and Fancy Bear (don't remember which) is known definitely to be Russian because Dutch intelligence hacked the CCTV cameras outside their Moscow office and was able to correlate times when they conducted spearphishing operations with times when known Russian government hackers were in the office and specific, spearphishing-related Google searches were being issued from computers in the office.
1) A classified attribution involving intelligence collection. It could be anything from corrupted foreign officials to hacking
2) A law enforcement investigation would ideally be built upon a collection of circumstantial evidence combined with mistakes by the hacker. In the case of Russia, one of their hackers forgot to log into the VPN before logging into the Guccifer social media account.
Very. Honestly, they're often not that stealthy (especially N. Korea and Iran) because they have the mantle of an evil regime behind which they can hide. China and Russia barely moreso. Companies with whom I work have been ransomed by these actors, and the FBI has almost always said they know who did it and can do nothing. Policy set higher than them.
Maybe we'll never hear about it but it seems strange we don't have counter cyber ops against their weapons programs, e.g. Israel Stuxnet and Iran's nuclear program.
Get your enemies to pay for your weapons. Neat trick, if you can pull it off. I'd be more impressed if they used the money to feed their people, though.
The same goes for firearms. The moment they can defend themselves is the moment they take the food and resources for themselves. Having your population near starvation and defenseless is the main method used to maintain power as an oppressive fascist regime.
I don't think so. Lots of people assume the North Koreans have the same sort of aspirations as westerners do. While they are of course massively indoctrinated and propagandized, don't underestimate the possibility of a fortress nation building a social identity around standing up to all the bigger countries that threaten it. Many such societies have existed in history.
You would be saying the same thing about China 30 years ago.
It's completely wrong in my opinion. Massive failure of cultural projecting by westerners to actually believe this.
Many people just want to be well fed and have safety for their small circles, they truly don't give a shit about politics. What's the US federal election turnouts again :) ?
Military first is the rule. I wonder if they managed to get the stolen money, meaning cash it out. They might have stolen $2B but that money or coins might still be off limits to NK.
Three-letters have known this for years. I know of countless situations in which a company gets ransomware and the FBI has relayed that the attacker is known, it's classified as terrorism, but nothing will happen. They've all seen it happen to many more companies. Basically, our government hasn't stood up to the evil communist bully that is little rocket man. He has committed horrible human rights violations, has attacked our companies (which is typically an act of war), and our government has done nothing.
That there's all kind of propaganda around any enemy du jour, and don't believe everything that you hear, even if it comes from "expert groups" and "independent journalists".
